import express from 'express';
import { AuthController } from '@/controllers/AuthController';
import { validateRequest, commonSchemas } from '@/middleware/validation';
import { createRateLimiter } from '@/middleware/rateLimiter';

const router = express.Router();
const authController = new AuthController();

// 登录限制器 - 更严格的限制
const loginLimiter = createRateLimiter({
  points: 5, // 5次尝试
  duration: 900, // 15分钟
  blockDuration: 1800, // 阻止30分钟
  keyGenerator: (req) => `login_${req.ip}_${req.body.username || req.body.phone}`
});

// 注册限制器
const registerLimiter = createRateLimiter({
  points: 3, // 3次注册
  duration: 3600, // 1小时
  keyGenerator: (req) => `register_${req.ip}`
});

/**
 * @route POST /api/v1/auth/register
 * @desc 用户注册
 * @access Public
 */
router.post('/register',
  registerLimiter,
  validateRequest({
    body: commonSchemas.userRegistration
  }),
  authController.register
);

/**
 * @route POST /api/v1/auth/login
 * @desc 用户登录
 * @access Public
 */
router.post('/login',
  loginLimiter,
  validateRequest({
    body: commonSchemas.userLogin
  }),
  authController.login
);

/**
 * @route POST /api/v1/auth/refresh
 * @desc 刷新访问令牌
 * @access Public
 */
router.post('/refresh',
  validateRequest({
    body: commonSchemas.refreshToken
  }),
  authController.refreshToken
);

/**
 * @route POST /api/v1/auth/logout
 * @desc 用户登出
 * @access Private
 */
router.post('/logout',
  authController.logout
);

/**
 * @route GET /api/v1/auth/me
 * @desc 获取当前用户信息
 * @access Private
 */
router.get('/me',
  authController.getCurrentUser
);

/**
 * @route PUT /api/v1/auth/password
 * @desc 修改密码
 * @access Private
 */
router.put('/password',
  validateRequest({
    body: commonSchemas.changePassword
  }),
  authController.changePassword
);

export default router;